Hello Guys, let’s see if I can help. What I need is the following:
When there is a DDoS attack that damages the network completely, we use the TORCH to analyze the attack for which IP is being shot through the traffic, when identified, we put the IP in blackhole through BGP Communities.
The question here is this, how do you when the attack (which can be identified by the traffic of the interface itself) to make their own TRAFFIC MONITOR activates a script that finds the largest IP network traffic, and run the command to insert it in ROUTE FILTERS with the blackhole.
The intention is that the process is automated and thus is more agile, without the need for human intervention.
Is it possible?
Thanks.
PS: Sorry for my english, I’m Brazilian.